CVE-2020-12723
- EPSS 5.97%
- Veröffentlicht 05.06.2020 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:00:08
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10543
- EPSS 11.33%
- Veröffentlicht 05.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:55:32
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10878
- EPSS 4.88%
- Veröffentlicht 05.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:56:16
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-11971
- EPSS 14.33%
- Veröffentlicht 14.05.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:00
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
CVE-2020-11972
- EPSS 5.51%
- Veröffentlicht 14.05.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:01
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11973
- EPSS 6.59%
- Veröffentlicht 14.05.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:01
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-10683
- EPSS 7.27%
- Veröffentlicht 01.05.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:50
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...
CVE-2020-1967
- EPSS 53.34%
- Veröffentlicht 21.04.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:45
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...
CVE-2020-2961
- EPSS 1.84%
- Veröffentlicht 15.04.2020 14:15:37
- Zuletzt bearbeitet 21.11.2024 05:26:44
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows unauthen...
CVE-2020-11619
- EPSS 3.61%
- Veröffentlicht 07.04.2020 23:15:12
- Zuletzt bearbeitet 29.04.2026 20:06:42
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).